rpm package
suse/ImageMagick&distro=SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
Vulnerabilities (51)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-40311 | Med | 5.5 | | < 6.8.8.1-71.241.1 | 6.8.8.1-71.241.1 | Apr 13, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash when reading and printing values from an invalid XMP profile. This issue has bee |
| CVE-2026-34238 | Med | 5.1 | | < 6.8.8.1-71.241.1 | 6.8.8.1-71.241.1 | Apr 13, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, an integer overflow in the despeckle operation causes a heap buffer overflow on 32-bit builds that will result in an out of bounds write. |
| CVE-2026-33908 | High | 7.5 | | < 6.8.8.1-71.241.1 | 6.8.8.1-71.241.1 | Apr 13, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of the XML tree via the `DestroyXMLTree()` function; however, this process is executed recursively with no depth l |
| CVE-2026-33905 | Med | 5.5 | | < 6.8.8.1-71.241.1 | 6.8.8.1-71.241.1 | Apr 13, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the -sample operation has an out of bounds read when a specific offset is set through the `sample:offset` define that could lead to an ou |
| CVE-2026-33900 | Med | 5.9 | | < 6.8.8.1-71.241.1 | 6.8.8.1-71.241.1 | Apr 13, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the viff encoder contains an integer truncation/wraparound issue on 32-bit builds that could trigger an out of bounds heap write, potentia |
| CVE-2026-33899 | Med | 5.3 | | < 6.8.8.1-71.241.1 | 6.8.8.1-71.241.1 | Apr 13, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when `Magick` parses an XML file it is possible that a single zero byte is written out of the bounds. This issue has been fixed in versions 6. |
| CVE-2026-33536 | Med | 5.1 | | < 6.8.8.1-71.236.1 | 6.8.8.1-71.236.1 | Mar 26, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, due to an incorrect return value on certain platforms a pointer is incremented past the end of a buffer that is on the stack and that could result in an |
| CVE-2026-33535 | Med | 4.0 | | < 6.8.8.1-71.236.1 | 6.8.8.1-71.236.1 | Mar 26, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, an out-of-bounds write of a zero byte exists in the X11 `display` interaction path that could lead to a crash. Versions 7.1.2-18 and 6.9.13-43 patch the |
| CVE-2026-31853 | — | | | < 6.8.8.1-71.236.1 | 6.8.8.1-71.236.1 | Mar 11, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit systems can cause a crash in the SFW decoder when processing extremely large images. This vulnerability is fixed in 7.1.2-16 and 6 |
| CVE-2026-30937 | — | | | < 6.8.8.1-71.236.1 | 6.8.8.1-71.236.1 | Mar 9, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing an extremely larg |
| CVE-2026-30883 | — | | | < 6.8.8.1-71.236.1 | 6.8.8.1-71.236.1 | Mar 9, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overflow when encoding a PNG image. This vulnerability is fixed in 7.1.2-16 and 6.9.13- |
| CVE-2026-28693 | — | | | < 6.8.8.1-71.236.1 | 6.8.8.1-71.236.1 | Mar 9, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an integer overflow in DIB coder can result in out of bounds read or write. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41. |
| CVE-2026-28692 | — | | | < 6.8.8.1-71.236.1 | 6.8.8.1-71.236.1 | Mar 9, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MAT decoder uses 32-bit arithmetic due to incorrect parenthesization resulting in a heap over-read. This vulnerability is fixed in 7.1.2-16 and |
| CVE-2026-28691 | — | | | < 6.8.8.1-71.236.1 | 6.8.8.1-71.236.1 | Mar 9, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check. This vulnerability is fixed in 7.1.2-16 a |
| CVE-2026-28690 | — | | | < 6.8.8.1-71.236.1 | 6.8.8.1-71.236.1 | Mar 9, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow vulnerability exists in the MNG encoder. There is a bounds check missing that could corrupt the stack with attacker |
| CVE-2026-28689 | — | | | < 6.8.8.1-71.236.1 | 6.8.8.1-71.236.1 | Mar 9, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/w |
| CVE-2026-28688 | — | | | < 6.8.8.1-71.236.1 | 6.8.8.1-71.236.1 | Mar 9, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing |
| CVE-2026-28687 | — | | | < 6.8.8.1-71.236.1 | 6.8.8.1-71.236.1 | Mar 9, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap use-after-free vulnerability in ImageMagick's MSL decoder allows an attacker to trigger access to freed memory by crafting an MSL file. |
| CVE-2026-28686 | — | | | < 6.8.8.1-71.236.1 | 6.8.8.1-71.236.1 | Mar 9, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap-buffer-overflow vulnerability exists in the PCL encode due to an undersized output buffer allocation. This vulnerability is fixed in 7.1 |
| CVE-2026-28494 | — | | | < 6.8.8.1-71.236.1 | 6.8.8.1-71.236.1 | Mar 9, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copi |
Page 1 of 3